Allow the daemon's host key to authenticate to itself

We now honor the daemon's own host key as an authentication token,
provided it comes in with the username 'Gerrit Code Review'.

This requires that the key be in the standard SSH key format, which
means the daemon must also be using the Bouncy Castle Crypto library.

When we authenticate with our own key we give ourselves full
administrative access.  This can be a useful backdoor if an
administrator has a running server, has full local UNIX access,
but has locked themselves out of their administrative account.
They can still SSH in locally using the server's host key and flush
the caches to pick up any edits made to their own user account
through direct database updates.

Change-Id: Id2c4d8edd575a002944cbb1acaec149c52e25071
Signed-off-by: Shawn O. Pearce <sop@google.com>

gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshModule.java

@@ -22,6 +22,7 @@ import com.google.gerrit.reviewdb.AccountGroup;
 import com.google.gerrit.reviewdb.PatchSet;
 import com.google.gerrit.server.CurrentUser;
 import com.google.gerrit.server.IdentifiedUser;
+import com.google.gerrit.server.PeerDaemonUser;
 import com.google.gerrit.server.RemotePeer;
 import com.google.gerrit.server.config.FactoryModule;
 import com.google.gerrit.server.config.GerritRequestModule;
@@ -66,6 +67,7 @@ public class SshModule extends FactoryModule {
     bind(SshInfo.class).to(SshDaemon.class).in(SINGLETON);
     factory(DispatchCommand.Factory.class);
     factory(QueryShell.Factory.class);
+    factory(PeerDaemonUser.Factory.class);
 
     bind(DispatchCommandProvider.class).annotatedWith(Commands.CMD_ROOT)
         .toInstance(new DispatchCommandProvider(NAME, Commands.CMD_ROOT));